idnits 2.17.1 draft-ietf-disman-notif-log-mib-05.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 24 instances of too long lines in the document, the longest one being 3 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 1032 has weird spacing: '...for the purpo...' == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (16 December 1998) is 9256 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 2271 (ref. '1') (Obsoleted by RFC 2571) ** Downref: Normative reference to an Informational RFC: RFC 1215 (ref. '4') ** Obsolete normative reference: RFC 1902 (ref. '5') (Obsoleted by RFC 2578) ** Obsolete normative reference: RFC 1903 (ref. '6') (Obsoleted by RFC 2579) ** Obsolete normative reference: RFC 1904 (ref. '7') (Obsoleted by RFC 2580) ** Downref: Normative reference to an Historic RFC: RFC 1157 (ref. '8') ** Downref: Normative reference to an Historic RFC: RFC 1901 (ref. '9') ** Obsolete normative reference: RFC 1906 (ref. '10') (Obsoleted by RFC 3417) ** Obsolete normative reference: RFC 2272 (ref. '11') (Obsoleted by RFC 2572) ** Obsolete normative reference: RFC 2274 (ref. '12') (Obsoleted by RFC 2574) ** Obsolete normative reference: RFC 1905 (ref. '13') (Obsoleted by RFC 3416) ** Obsolete normative reference: RFC 2273 (ref. '14') (Obsoleted by RFC 2573) ** Obsolete normative reference: RFC 2275 (ref. '15') (Obsoleted by RFC 2575) -- Duplicate reference: RFC1903, mentioned in '16', was also mentioned in '6'. ** Obsolete normative reference: RFC 1903 (ref. '16') (Obsoleted by RFC 2579) Summary: 25 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Draft Notification Log MIB 16 December 1998 4 Notification Log MIB 6 16 December 1998 8 draft-ietf-disman-notif-log-mib-05.txt 10 Bob Stewart 11 Cisco Systems, Inc. 12 bstewart@cisco.com 14 Status of this Memo 16 This document is an Internet-Draft. Internet-Drafts are working 17 documents of the Internet Engineering Task Force (IETF), its areas, and 18 its working groups. Note that other groups may also distribute working 19 documents as Internet-Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Internet- Drafts as reference material 24 or to cite them other than as ``work in progress.'' 26 To view the entire list of current Internet-Drafts, please check the 27 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow 28 Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern Europe), 29 ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific Rim), 30 ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). 32 Distribution of this document is unlimited. Please send comments to the 33 Distributed Management Working Group, . 35 Copyright Notice 37 Copyright (C) The Internet Society (1998). All Rights Reserved. 39 1. Abstract 41 This memo defines an experimental portion of the Management Information 42 Base (MIB) for use with network management protocols in the Internet 43 community. In particular, it describes managed objects used for logging 44 SNMP Notifications. 46 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 47 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 48 document are to be interpreted as described in RFC 2119. 50 2. The SNMP Management Framework 52 The SNMP Management Framework presently consists of five major 53 components: 55 o An overall architecture, described in RFC 2271 [1]. 57 o Mechanisms for describing and naming objects and events for the 58 purpose of management. The first version of this Structure of 59 Management Information (SMI) is called SMIv1 and described in 60 RFC 1155 [2], RFC 1212 [3] and RFC 1215 [4]. The second version, 61 called SMIv2, is described in RFC 1902 [5], RFC 1903 [6] and RFC 62 1904 [7]. 64 o Message protocols for transferring management information. The 65 first version of the SNMP message protocol is called SNMPv1 and 66 described in RFC 1157 [8]. A second version of the SNMP message 67 protocol, which is not an Internet standards track protocol, is 68 called SNMPv2c and described in RFC 1901 [9] and RFC 1906 [10]. 69 The third version of the message protocol is called SNMPv3 and 70 described in RFC 1906 [10], RFC 2272 [11] and RFC 2274 [12]. 72 o Protocol operations for accessing management information. The 73 first set of protocol operations and associated PDU formats is 74 described in RFC 1157 [8]. A second set of protocol operations 75 and associated PDU formats is described in RFC 1905 [13]. 77 o A set of fundamental applications described in RFC 2273 [14] and 78 the view-based access control mechanism described in RFC 2275 79 [15]. 81 Managed objects are accessed via a virtual information store, termed the 82 Management Information Base or MIB. Objects in the MIB are defined 83 using the mechanisms defined in the SMI. 85 This memo specifies a MIB module that is compliant to the SMIv2. A MIB 86 conforming to the SMIv1 can be produced through the appropriate 87 translations. The resulting translated MIB must be semantically 88 equivalent, except where objects or events are omitted because no 89 translation is possible (use of Counter64). Some machine readable 90 information in SMIv2 will be converted into textual descriptions in 91 SMIv1 during the translation process. However, this loss of machine 92 readable information is not considered to change the semantics of the 93 MIB. 95 Systems that support SNMP often need a mechanism for recording 96 Notification information as a hedge against lost Notifications, whether 97 those are Traps or Informs [13] that exceed retransmission limits (to 98 consider SNMPv1, see [16]). This MIB therefore provides common 99 infrastructure for other MIBs in the form of a local logging function. 100 It is intended primarily for senders of Notifications but could be used 101 also by receivers. 103 Given the Notification Log MIB, individual MIBs bear less responsibility 104 to record the transient information associated with an event against the 105 possibility that the Notification message is lost, and applications can 106 poll the log to know that they have not missed important Notifications 107 or to suspect that they might have. 109 2.1. Environment 111 The overall environmental concerns for the MIB are: 113 o SNMP Engines and Contexts 115 o Security 117 2.1.1. SNMP Engines and Contexts 119 As described in the SNMP architecture [1], a given system may support 120 multiple SNMP engines operating independently of one another, each with 121 its own SNMP engine identification. Furthermore, within the perview of 122 a given engine there may be multiple named management contexts 123 supporting overlapping or disjoint sets of MIB objects and 124 Notifications. Thus understanding a particular Notification requires 125 knowing the SNMP engine and management context from whence it came. 127 The simplest system may have only one SNMP engine, and the simplest 128 engine may support only one context. In these cases, knowledge of the 129 engine ID and context name can be assumed and need not be explicit. 131 In a given implementation, an instance of the Notification Log MIB may 132 be confined to a single engine or context or may combine information 133 from multiple engines or contexts, allowing for the full range of 134 exclusive or inclusive contents. 136 To provide the necessary source information for a logged Notification, 137 the MIB includes objects to record that Notification's source SNMP 138 engine ID and management context name. In the case where such 139 information can be assumed, the related object need not be instantiated, 140 thus allowing the simplest implemenetation for the simplest system. 142 2.1.2. Security 144 Security for Notifications is awkward since access control for the 145 objects in the Notification can be checked only where the Notification 146 is created. Thus such checking is possible only for locally-generated 147 Notifications, and even then only when security credentials are 148 available. 150 For the purpose of this discussion, "security credentials" means the 151 input values for the abstract service interface function isAccessAllowed 152 [1] and using those credentials means conceptually using that function 153 to see that those credentials allow access to the MIB objects in 154 question, operating as for a Notification Originator in [14]. 156 The Notification Log MIB has the notion of a "named log." By using 157 hierarchically structured log names and view-based access control [15] a 158 network administrator can provide different access for different users. 159 When an application creates a named log the security credentials of the 160 creator stay associated with that log. 162 Hierarchically structured names encode groupings of names within the 163 name string, starting from the left so that they work well with 164 instance-level, view-based access control [15], for example: 166 ops 167 ops-admin 168 ops-oper 169 ops-oper-senior 170 ops-oper-junior 172 Network security managers designing such a naming policy should use 173 punctuation (as in the example) to avoid the problem of a lower level 174 name inadvertently running together with the next higher level name. 176 A managed system with fewer resources may not allow the creation of 177 named logs, providing only the default, null-named log. Such a log has 178 no implicit security credentials for Notification object access control 179 and Notifications are put into it with no further checking. 181 When putting locally-generated Notifications into a named log, the 182 managed system uses the security credentials associated with that log 183 and applies the same access control rules as described for a 184 Notification Originator in [14]. 186 When putting remotely-generated Notifications into a named log or any 187 Notifications into the default, null-named log, the managed system does 188 not apply access control to the Notifications. In those cases the 189 security of the information in the log is left to the normal, overall 190 access control for the log itself. 192 2.2. Structure 194 The MIB has the following sections: 196 o Configuration -- control over how much the log can hold and what 197 Notifications are to be logged. 199 o Statistics -- indications of logging activity. 201 o Log -- the Notifications themselves. 203 2.2.1. Configuration 205 The configuration section contains objects to manage resource use by the 206 MIB. 208 This section also contains a table to specify what logs exist and how 209 they operate. Deciding which Notifications are to be logged depends on 210 filters defined in the the snmpNotifyFilterTable in the standard SNMP 211 Notification MIB [14] identified by the initial index 212 (snmpNotifyFilterName) from that table. 214 2.2.2. Statistics 216 The statistics section contains counters for Notifications logged and 217 discarded, supplying a means to understand the results of log capacity 218 configuration and resource problems. 220 2.2.3. Log 222 The log contains the Notifications and the objects that came in their 223 variable binding list, indexed by an integer that reflects when the 224 entry was made. An application that wants to collect all logged 225 Notifications or to know if it may have missed any can keep track of the 226 highest index it has retrieved and start from there on its next poll, 227 checking sysUpTime for a discontinuity that would have reset the index 228 and perhaps have lost entries. 230 Variables are in a table indexed by Notification index and variable 231 index within that Notification. The values are kept as a "discriminated 232 union," with one value object per variable. Exactly which value object 233 is instantiated depends on the SNMP data type of the variable, with a 234 separate object of appropriate type for each distinct SNMP data type. 236 An application can thus reconstruct the information from the 237 Notification PDU from what is recorded in the log. 239 2.3. Example 241 Following is an example configuration of a named log for logging only 242 linkUp and linkDown Notifications. 244 In nlmConfigLogTable: 246 nlmConfigLogFilterName."links" = "link-status" 247 nlmConfigLogEntryLimit."links" = 0 248 nlmConfigLogAdminStatus."links" = enabled 249 nlmConfigLogOperStatus."links" = operational 250 nlmConfigLogStorageType."links" = nonVolatile 251 nlmConfigLogEntryStatus."links" = active 253 Note that snmpTraps is: 255 iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.5 257 Or numerically: 259 1.3.6.1.6.3.1.1.5 261 And linkDown is snmpTraps.3 and linkUp is snmpTraps.4. 263 So to allow the two Notifications in snmpNotifyFilterTable: 265 snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.3 = ''H 266 snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.3 = include 267 snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.3 268 = nonVolatile 269 snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.3 270 = active 272 snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.4 = ''H 273 snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.4 = include 274 snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.4 275 = nonVolatile 276 snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.4 277 = active 279 3. Definitions 281 NOTIFICATION-LOG-MIB DEFINITIONS ::= BEGIN 283 IMPORTS 284 MODULE-IDENTITY, OBJECT-TYPE, 285 experimental, Integer32, Unsigned32, 286 TimeTicks, Counter32, Counter64, 287 IpAddress FROM SNMPv2-SMI 288 TimeStamp, TruthValue, 289 StorageType, RowStatus FROM SNMPv2-TC 290 SnmpAdminString, SnmpEngineID FROM SNMP-FRAMEWORK-MIB 291 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; 293 notificationLogMIB MODULE-IDENTITY 294 LAST-UPDATED "9812161700Z" 295 ORGANIZATION "IETF Distributed Management Working Group" 296 CONTACT-INFO "Bob Stewart 297 Cisco Systems, Inc. 298 170 West Tasman Drive, 299 San Jose CA 95134-1706. 300 Phone: +1 408 526 4527 301 Email: bstewart@cisco.com" 302 DESCRIPTION 303 "The MIB module for logging SNMP Notifications, that is, Traps 304 and Informs." 305 ::= { experimental xx } 307 notificationLogMIBObjects OBJECT IDENTIFIER ::= { notificationLogMIB 1 } 309 nlmConfig OBJECT IDENTIFIER ::= { notificationLogMIBObjects 1 } 310 nlmStats OBJECT IDENTIFIER ::= { notificationLogMIBObjects 2 } 311 nlmLog OBJECT IDENTIFIER ::= { notificationLogMIBObjects 3 } 313 -- 314 -- Configuration Section 315 -- 317 nlmConfigGlobalEntryLimit OBJECT-TYPE 318 SYNTAX Unsigned32 319 MAX-ACCESS read-write 320 STATUS current 321 DESCRIPTION 322 "The maximum number of notification entries that can be held 323 in nlmLogTable for all nlmLogNames added together. A particular 324 setting does not guarantee that much data can be held. 326 If an application changes the limit while there are Notifications 327 in the log, the oldest Notifications are discarded to bring the log 328 down to the new limit. 330 A value of 0 means no limit." 331 DEFVAL { 0 } 332 ::= { nlmConfig 1 } 334 nlmConfigGlobalAgeOut OBJECT-TYPE 335 SYNTAX Unsigned32 336 UNITS "minutes" 337 MAX-ACCESS read-write 338 STATUS current 339 DESCRIPTION 340 "The number of minutes a Notification may rest in a log before it 341 is automatically removed. 343 If an application changes the time Notifications older than the new 344 time are discarded to meet the new time. 346 A value of 0 means no age out." 347 DEFVAL { 1440 } -- 24 hours 348 ::= { nlmConfig 2 } 350 -- 351 -- Basic Log Configuration Table 352 -- 354 nlmConfigLogTable OBJECT-TYPE 355 SYNTAX SEQUENCE OF NlmConfigLogEntry 356 MAX-ACCESS not-accessible 357 STATUS current 358 DESCRIPTION 359 "A table of logging control entries." 360 ::= { nlmConfig 3 } 362 nlmConfigLogEntry OBJECT-TYPE 363 SYNTAX NlmConfigLogEntry 364 MAX-ACCESS not-accessible 365 STATUS current 366 DESCRIPTION 367 "A logging control entry. Depending on the entry's storage type 368 entries may be supplied by the system or created and deleted by 369 applications using nlmConfigLogEntryStatus." 370 INDEX { IMPLIED nlmLogName } 371 ::= { nlmConfigNotifyTable 1 } 373 NlmConfigLogEntry ::= SEQUENCE { 374 nlmLogName SnmpAdminString, 375 nlmConfigLogFilterName SnmpAdminString, 376 nlmConfigLogEntryLimit Unsigned32, 377 nlmConfigLogAdminStatus INTEGER, 378 nlmConfigLogOperStatus INTEGER, 379 nlmConfigLogStorageType StorageType, 380 nlmConfigLogEntryStatus RowStatus 381 } 383 nlmLogName OBJECT-TYPE 384 SYNTAX SnmpAdminString (SIZE(0..32)) 385 MAX-ACCESS not-accessible 386 STATUS current 387 DESCRIPTION 388 "The name of the log. 390 An implementation may allow multiple named logs, up to some 391 implementation-specific limit (which may be none). A 392 zero-length log name is reserved for creation and deletion by 393 the managed system, and is used as the default log name by 394 systems that do not support named logs." 395 ::= { nlmConfigLogEntry 1 } 397 nlmConfigLogFilterName OBJECT-TYPE 398 SYNTAX SnmpAdminString (SIZE(0..32)) 399 MAX-ACCESS read-create 400 STATUS current 401 DESCRIPTION 402 "A value of snmpNotifyFilterProfileName as used as an index into 403 the snmpNotifyFilterTable in the SNMP Notification MIB, specifying 404 the locally or remotely originated Notifications to be filtered out 405 and not logged in this log. 407 A zero-length value or a name that does not identify an existing 408 entry in snmpNotifyFilterTable indicate no Notifications are to be 409 logged in this log." 410 DEFVAL { ''H } 411 ::= { nlmConfigLogEntry 2 } 413 nlmConfigLogEntryLimit OBJECT-TYPE 414 SYNTAX Unsigned32 415 MAX-ACCESS read-create 416 STATUS current 417 DESCRIPTION 418 "The maximum number of notification entries that can be held in 419 nlmLogTable for this named log. A particular setting does not 420 guarantee that much data can be held. 422 If an application changes the limit while there are Notifications 423 in the log, the oldest Notifications are discarded to bring the log 424 down to the new limit. 426 A value of 0 indicates no limit." 427 DEFVAL { 0 } 428 ::= { nlmConfigLogEntry 3 } 430 nlmConfigLogAdminStatus OBJECT-TYPE 431 SYNTAX INTEGER { enabled(1), disabled(2) } 432 MAX-ACCESS read-create 433 STATUS current 434 DESCRIPTION 435 "Control to enable or disable the log without otherwise disturbing 436 the log's entry." 437 DEFVAL { enabled } 438 ::= { nlmConfigLogEntry 4 } 440 nlmConfigLogOperStatus OBJECT-TYPE 441 SYNTAX INTEGER { disabled(1), operational(2), noFilter(3) } 442 MAX-ACCESS read-only 443 STATUS current 444 DESCRIPTION 445 "The operational status of this log: 447 disabled administratively disabled 449 operational administratively enabled and working 451 noFilter administratively enabled but either 452 nlmConfigLogFilterName is zero lengh 453 or does not name an existing entry in 454 snmpNotifyFilterTable" 455 ::= { nlmConfigLogEntry 5 } 457 nlmConfigLogStorageType OBJECT-TYPE 458 SYNTAX StorageType 459 MAX-ACCESS read-create 460 STATUS current 461 DESCRIPTION 462 "The storage type of this conceptual row." 463 ::= { nlmConfigLogEntry 6 } 465 nlmConfigLogEntryStatus OBJECT-TYPE 466 SYNTAX RowStatus 467 MAX-ACCESS read-create 468 STATUS current 469 DESCRIPTION 470 "Control for creating and deleting entries. Entries may be 471 modified while active. 473 For non-null-named logs, the managed system records the security 474 credentials from the request that sets nlmConfigLogStatus 475 to 'active' and uses that identity to apply access control to 476 the objects in the Notification to decide if that Notification 477 may be logged." 478 ::= { nlmConfigLogEntry 7 } 480 -- 481 -- Statistics Section 482 -- 484 nlmStatsGlobalNotificationsLogged OBJECT-TYPE 485 SYNTAX Counter32 486 UNITS "notifications" 487 MAX-ACCESS read-only 488 STATUS current 489 DESCRIPTION 490 "The number of Notifications put in the nlmLogTable. This counts 491 a Notification once for each log entry, so a Notification put into 492 multiple logs is counted multiple times." 493 ::= { nlmStats 1 } 495 nlmStatsGlobalNotificationsBumped OBJECT-TYPE 496 SYNTAX Counter32 497 UNITS "notifications" 498 MAX-ACCESS read-only 499 STATUS current 500 DESCRIPTION 501 "The number of log entries discarded to make room for a new entry 502 due to lack of resources or the value of nlmConfigGlobalEntryLimit 503 or nlmConfigLogEntryLimit. This does not include entries discarded 504 due to the value of nlmConfigGlobalAgeOut." 505 ::= { nlmStats 2 } 507 -- 508 -- Log Statistics Table 509 -- 511 nlmStatsLogTable OBJECT-TYPE 512 SYNTAX SEQUENCE OF NlmStatsLogEntry 513 MAX-ACCESS not-accessible 514 STATUS current 515 DESCRIPTION 516 "A table of Notification log statistics entries." 517 ::= { nlmStats 3 } 519 nlmStatsLogEntry OBJECT-TYPE 520 SYNTAX NlmStatsLogEntry 521 MAX-ACCESS not-accessible 522 STATUS current 523 DESCRIPTION 524 "A Notification log statistics entry." 525 AUGMENTS { nlmConfigLogTable } 526 ::= { nlmStatsLogTable 1 } 528 NlmStatsLogEntry ::= SEQUENCE { 529 nlmStatsLogNotificationsLogged Counter32, 530 nlmStatsLogNotificationsBumped Counter32 531 } 533 nlmStatsLogNotificationsLogged OBJECT-TYPE 534 SYNTAX Counter32 535 UNITS "notifications" 536 MAX-ACCESS read-only 537 STATUS current 538 DESCRIPTION 539 "The number of Notifications put in this named log." 540 ::= { nlmStatsLogEntry 1 } 542 nlmStatsLogNotificationsBumped OBJECT-TYPE 543 SYNTAX Counter32 544 UNITS "notifications" 545 MAX-ACCESS read-only 546 STATUS current 547 DESCRIPTION 548 "The number of log entries discarded from this named log to make 549 room for a new entry due to lack of resources or the value of 550 nlmConfigGlobalEntryLimit or nlmConfigLogEntryLimit. This does not 551 include entries discarded due to the value of 552 nlmConfigGlobalAgeOut." 553 ::= { nlmStatsLogEntry 2 } 555 -- 556 -- Log Section 557 -- 559 -- 560 -- Log Table 561 -- 563 nlmLogTable OBJECT-TYPE 564 SYNTAX SEQUENCE OF NlmLogEntry 565 MAX-ACCESS not-accessible 566 STATUS current 567 DESCRIPTION 568 "A table of Notification log entries. 570 It is an implementation-specific matter whether entries in this 571 table are preserved across initializations of the management 572 system. In general one would expect that they are not." 573 ::= { nlmLog 1 } 575 nlmLogEntry OBJECT-TYPE 576 SYNTAX NlmLogEntry 577 MAX-ACCESS not-accessible 578 STATUS current 579 DESCRIPTION 580 "A Notification log entry. 582 Entries appear in this table when Notifications occur and pass 583 filtering by nlmConfigLogFilterName and access control. They are 584 removed to make way for new entries due to lack of resources or 585 the values of nlmConfigGlobalEntryLimit, nlmConfigGlobalAgeOut, or 586 nlmConfigLogEntryLimit. 588 If adding an entry would exceed nlmConfigGlobalEntryLimit or system 589 resources in general, the oldest entry in any log is removed to 590 make room for the new one. 592 If adding an entry would exceed nlmConfigLogEntryLimit the oldest 593 entry in that log is removed to make room for the new one. 595 Before the managed system puts a locally-generated Notification 596 into a non-null-named log it assures that the creator of the log 597 has access to the information in the Notification. If not it 598 does not log that Notification in that log." 599 INDEX { nlmLogName, nlmLogIndex } 600 ::= { nlmLogTable 1 } 602 NlmLogEntry ::= SEQUENCE { 603 nlmLogIndex Unsigned32, 604 nlmLogTime TimeStamp, 605 nlmLogEngineID SnmpEngineID, 606 nlmLogContextName SnmpAdminString, 607 nlmLogVariables Unsigned32, 608 nlmLogNotificationID OBJECT IDENTIFIER 609 } 611 nlmLogIndex OBJECT-TYPE 612 SYNTAX Unsigned32 (1..4294967295) 613 MAX-ACCESS not-accessible 614 STATUS current 615 DESCRIPTION 616 "A monotonically increasing integer for the sole purpose of 617 indexing entries within the named log. When it reaches the 618 maximum value, an extremely unlikely event, the agent wraps the 619 value back to 1 and may flush existing entries." 620 ::= { nlmLogEntry 1 } 622 nlmLogTime OBJECT-TYPE 623 SYNTAX TimeStamp 624 MAX-ACCESS read-only 625 STATUS current 626 DESCRIPTION 627 "The value of sysUpTime when the entry occurred." 628 ::= { nlmLogEntry 2 } 630 nlmLogEngineID OBJECT-TYPE 631 SYNTAX SnmpEngineID 632 MAX-ACCESS read-only 633 STATUS current 634 DESCRIPTION 635 "The identification of the SNMP engine at which the Notification 636 originated. 638 If the log can contain Notifications from only one engine this 639 or the Trap is from an SNMPv1 system, this object is not 640 instantiated." 641 ::= { nlmLogEntry 3 } 643 nlmLogContextName OBJECT-TYPE 644 SYNTAX SnmpAdminString 645 MAX-ACCESS read-only 646 STATUS current 647 DESCRIPTION 648 "The name of the SNMP MIB context from which the Notification came. 649 For SNMPv1 Traps this is the community string from the Trap. 651 If the Notification's source SNMP engine is known not to support 652 multiple contexts, this object is not instantiated." 653 ::= { nlmLogEntry 4 } 655 nlmLogVariables OBJECT-TYPE 656 SYNTAX Unsigned32 657 MAX-ACCESS read-only 658 STATUS current 659 DESCRIPTION 660 "The number of variables in nlmLogVariableTable for this 661 Notification." 662 ::= { nlmLogEntry 5 } 664 nlmLogNotificationID OBJECT-TYPE 665 SYNTAX OBJECT IDENTIFIER 666 MAX-ACCESS read-only 667 STATUS current 668 DESCRIPTION 669 "The NOTIFICATION-TYPE object identifer of the Notification that 670 occurred." 671 ::= { nlmLogEntry 6 } 673 -- 674 -- Log Variable Table 675 -- 677 nlmLogVariableTable OBJECT-TYPE 678 SYNTAX SEQUENCE OF NlmLogVariableEntry 679 MAX-ACCESS not-accessible 680 STATUS current 681 DESCRIPTION 682 "A table of variables to go with Notification log entries." 684 ::= { nlmLog 2 } 686 nlmLogVariableEntry OBJECT-TYPE 687 SYNTAX NlmLogVariableEntry 688 MAX-ACCESS not-accessible 689 STATUS current 690 DESCRIPTION 691 "A Notification log entry variable. 693 Entries appear in this table when there are variables in 694 the varbind list of a Notification in nlmLogTable." 695 INDEX { nlmLogName, nlmLogIndex, nlmLogVariableIndex } 696 ::= { nlmLogVariableTable 1 } 698 NlmLogVariableEntry ::= SEQUENCE { 699 nlmLogVariableIndex Unsigned32, 700 nlmLogVariableID OBJECT IDENTIFIER, 701 nlmLogVariableValueType INTEGER, 702 nlmLogVariableCounter32Val Counter32, 703 nlmLogVariableUnsigned32Val Unsigned32, 704 nlmLogVariableTimeTicksVal TimeTicks, 705 nlmLogVariableInteger32Val Integer32, 706 nlmLogVariableOctetStringVal OCTET STRING, 707 nlmLogVariableIpAddressVal IpAddress, 708 nlmLogVariableOidVal OBJECT IDENTIFIER, 709 nlmLogVariableCounter64Val Counter64 710 } 712 nlmLogVariableIndex OBJECT-TYPE 713 SYNTAX Unsigned32 (1..4294967295) 714 MAX-ACCESS not-accessible 715 STATUS current 716 DESCRIPTION 717 "A monotonically increasing integer, starting at 1 for a given 718 nlmLogIndex, for indexing variables within the logged 719 Notification." 720 ::= { nlmLogVariableEntry 1 } 722 nlmLogVariableID OBJECT-TYPE 723 SYNTAX OBJECT IDENTIFIER 724 MAX-ACCESS read-only 725 STATUS current 726 DESCRIPTION 727 "The variable's object identifier." 728 ::= { nlmLogVariableEntry 2 } 730 nlmLogVariableValueType OBJECT-TYPE 731 SYNTAX INTEGER { counter32(1), unsigned32(2), timeTicks(3), 732 integer32(4), ipAddress(5), octetString(6), 733 objectId(7), counter64(8) } 734 MAX-ACCESS read-only 735 STATUS current 736 DESCRIPTION 737 "The type of the value. One and only one of the value 738 objects that follow is instantiated, based on this type." 739 ::= { nlmLogVariableEntry 3 } 741 nlmLogVariableCounter32Val OBJECT-TYPE 742 SYNTAX Counter32 743 MAX-ACCESS read-only 744 STATUS current 745 DESCRIPTION 746 "The value when nlmLogVariableType is 'counter32'." 747 ::= { nlmLogVariableEntry 4 } 749 nlmLogVariableUnsigned32Val OBJECT-TYPE 750 SYNTAX Unsigned32 751 MAX-ACCESS read-only 752 STATUS current 753 DESCRIPTION 754 "The value when nlmLogVariableType is 'unsigned32'." 755 ::= { nlmLogVariableEntry 5 } 757 nlmLogVariableTimeTicksVal OBJECT-TYPE 758 SYNTAX TimeTicks 759 MAX-ACCESS read-only 760 STATUS current 761 DESCRIPTION 762 "The value when nlmLogVariableType is 'timeTicks'." 763 ::= { nlmLogVariableEntry 6 } 765 nlmLogVariableInteger32Val OBJECT-TYPE 766 SYNTAX Integer32 767 MAX-ACCESS read-only 768 STATUS current 769 DESCRIPTION 770 "The value when nlmLogVariableType is 'integer32'." 771 ::= { nlmLogVariableEntry 7 } 773 nlmLogVariableOctetStringVal OBJECT-TYPE 774 SYNTAX OCTET STRING 775 MAX-ACCESS read-only 776 STATUS current 777 DESCRIPTION 778 "The value when nlmLogVariableType is 'octetString'." 779 ::= { nlmLogVariableEntry 8 } 781 nlmLogVariableIpAddressVal OBJECT-TYPE 782 SYNTAX IpAddress 783 MAX-ACCESS read-only 784 STATUS current 785 DESCRIPTION 786 "The value when nlmLogVariableType is 'ipAddress'." 787 ::= { nlmLogVariableEntry 9 } 789 nlmLogVariableOidVal OBJECT-TYPE 790 SYNTAX OBJECT IDENTIFIER 791 MAX-ACCESS read-only 792 STATUS current 793 DESCRIPTION 794 "The value when nlmLogVariableType is 'objectId'." 795 ::= { nlmLogVariableEntry 10 } 797 nlmLogVariableCounter64Val OBJECT-TYPE 798 SYNTAX Counter64 799 MAX-ACCESS read-only 800 STATUS current 801 DESCRIPTION 802 "The value when nlmLogVariableType is 'counter64'." 803 ::= { nlmLogVariableEntry 11 } 805 -- 806 -- Conformance 807 -- 809 notificationLogMIBConformance OBJECT IDENTIFIER ::= 810 { notificationLogMIB 3 } 811 notificationLogMIBCompliances OBJECT IDENTIFIER ::= 812 { notificationLogMIBConformance 1 } 813 notificationLogMIBGroups OBJECT IDENTIFIER ::= 814 { notificationLogMIBConformance 2 } 816 -- Compliance 818 notificationLogMIBCompliance MODULE-COMPLIANCE 819 STATUS current 820 DESCRIPTION 821 "The compliance statement for entities which implement 822 the Notification Log MIB." 823 MODULE -- this module 824 MANDATORY-GROUPS { 825 notificationLogConfigGroup, 826 notificationLogStatsGroup, 827 notificationLogLogGroup 828 } 830 OBJECT nlmConfigGlobalEntryLimit 831 SYNTAX (0..4294967295) 832 MIN-ACCESS read-only 833 DESCRIPTION 834 "Implementations may choose a limit and not allow it to be 835 changed or may enforce an upper or lower bound on the 836 limit." 838 OBJECT nlmConfigEntryLimit 839 SYNTAX (0..4294967295) 840 MIN-ACCESS read-only 841 DESCRIPTION 842 "Implementations may choose a limit and not allow it to be 843 changed or may enforce an upper or lower bound on the 844 limit." 846 OBJECT nlmConfigLogEntryStatus 847 MIN-ACCESS read-only 848 DESCRIPTION 849 "Implementations may not allow the creation of named logs." 851 ::= { notificationLogMIBCompliances 1 } 853 -- Units of Conformance 855 notificationLogConfigGroup OBJECT-GROUP 856 OBJECTS { 857 nlmConfigGlobalEntryLimit, 858 nlmConfigGlobalAgeOut, 859 nlmConfigLogFilterName, 860 nlmConfigLogEntryLimit, 861 nlmConfigLogAdminStatus, 862 nlmConfigLogOperStatus, 863 nlmConfigLogStorageType, 864 nlmConfigLogEntryStatus 865 } 866 STATUS current 867 DESCRIPTION 868 "Notification log configuration management." 869 ::= { notificationLogMIBGroups 1 } 871 notificationLogStatsGroup OBJECT-GROUP 872 OBJECTS { 873 nlmStatsGlobalNotificationsLogged, 874 nlmStatsGlobalNotificationsBumped, 875 nlmStatsLogNotificationsLogged, 876 nlmStatsLogNotificationsDiscarded 877 } 878 STATUS current 879 DESCRIPTION 880 "Notification log statistics." 881 ::= { notificationLogMIBGroups 2 } 883 notificationLogLogGroup OBJECT-GROUP 884 OBJECTS { 885 nlmLogTime, 886 nlmLogEngineID, 887 nlmLogContextName, 888 nlmLogVariables, 889 nlmLogNotificationID, 891 nlmLogVariableID, 892 nlmLogVariableValueType, 893 nlmLogVariableCounter32Val, 894 nlmLogVariableUnsigned32Val, 895 nlmLogVariableTimeTicksVal, 896 nlmLogVariableInteger32Val, 897 nlmLogVariableOctetStringVal, 898 nlmLogVariableIpAddressVal, 899 nlmLogVariableOidVal, 900 nlmLogVariableCounter64Val 901 } 902 STATUS current 903 DESCRIPTION 904 "Notification log data." 905 ::= { notificationLogMIBGroups 3 } 907 END 908 4. Intellectual Property 910 The IETF takes no position regarding the validity or scope of any 911 intellectual property or other rights that might be claimed to pertain 912 to the implementation or use of the technology described in this 913 document or the extent to which any license under such rights might or 914 might not be available; neither does it represent that it has made any 915 effort to identify any such rights. Information on the IETF's 916 procedures with respect to rights in standards-track and standards- 917 related documentation can be found in BCP-11. Copies of claims of 918 rights made available for publication and any assurances of licenses to 919 be made available, or the result of an attempt made to obtain a general 920 license or permission for the use of such proprietary rights by 921 implementors or users of this specification can be obtained from the 922 IETF Secretariat. 924 5. References 926 [1] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for 927 Describing SNMP Management Frameworks", RFC 2271, Cabletron 928 Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research, 929 January 1998. 931 [2] Rose, M. and K. McCloghrie, "Structure and Identification of 932 Management Information for TCP/IP-based Internets", RFC 1155, 933 Performance Systems International, Hughes LAN Systems, May 1990. 935 [3] Rose, M. and K. McCloghrie, "Concise MIB Definitions", RFC 1212, 936 Performance Systems International, Hughes LAN Systems, March 1991. 938 [4] M. Rose, "A Convention for Defining Traps for use with the SNMP", 939 RFC 1215, Performance Systems International, March 1991. 941 [5] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Structure of 942 Management Information for Version 2 of the Simple Network 943 Management Protocol (SNMPv2)", RFC 1902, SNMP Research,Inc., Cisco 944 Systems, Inc., Dover Beach Consulting, Inc., International Network 945 Services, January 1996. 947 [6] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Textual 948 Conventions for Version 2 of the Simple Network Management Protocol 949 (SNMPv2)", RFC 1903, SNMP Research, Inc., Cisco Systems, Inc., 950 Dover Beach Consulting, Inc., International Network Services, 951 January 1996. 953 [7] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Conformance 954 Statements for Version 2 of the Simple Network Management Protocol 955 (SNMPv2)", RFC 1904, SNMP Research, Inc., Cisco Systems, Inc., 956 Dover Beach Consulting, Inc., International Network Services, 957 January 1996. 959 [8] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple Network 960 Management Protocol", RFC 1157, SNMP Research, Performance Systems 961 International, Performance Systems International, MIT Laboratory 962 for Computer Science, May 1990. 964 [9] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Introduction 965 to Community-based SNMPv2", RFC 1901, SNMP Research, Inc., Cisco 966 Systems, Inc., Dover Beach Consulting, Inc., International Network 967 Services, January 1996. 969 [10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Transport 970 Mappings for Version 2 of the Simple Network Management Protocol 971 (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco Systems, Inc., 972 Dover Beach Consulting, Inc., International Network Services, 973 January 1996. 975 [11] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message 976 Processing and Dispatching for the Simple Network Management 977 Protocol (SNMP)", RFC 2272, SNMP Research, Inc., Cabletron Systems, 978 Inc., BMC Software, Inc., IBM T. J. Watson Research, January 1998. 980 [12] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for 981 version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 982 2274, IBM T. J. Watson Research, January 1998. 984 [13] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Protocol 985 Operations for Version 2 of the Simple Network Management Protocol 986 (SNMPv2)", RFC 1905, SNMP Research, Inc., Cisco Systems, Inc., 987 Dover Beach Consulting, Inc., International Network Services, 988 January 1996. 990 [14] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications", RFC 991 2273, SNMP Research, Inc., Secure Computing Corporation, Cisco 992 Systems, January 1998 994 [15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access 995 Control Model (VACM) for the Simple Network Management Protocol 996 (SNMP)", RFC 2275, IBM T. J. Watson Research, BMC Software, Inc., 997 Cisco Systems, Inc., January 1998. 999 [16] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Coexistence 1000 between Version 1 and version 2 of the Internet-standard Network 1001 Management Framework", RFC 1903, SNMP Research, Inc., Cisco 1002 Systems, Inc., Dover Beach Consulting, Inc., International Network 1003 Services, January 1996. 1005 6. Security Considerations 1007 Security issues are discussed in the overview. 1009 7. Author's Address 1011 Bob Stewart 1012 Cisco Systems, Inc. 1013 170 West Tasman Drive 1014 San Jose, CA 95134-1706 1015 U.S.A. 1017 Phone: +1 408 526 4527 1018 Email: bstewart@cisco.com 1020 8. Full Copyright Statement 1022 Copyright (C) The Internet Society (1998). All Rights Reserved. 1024 This document and translations of it may be copied and furnished to 1025 others, and derivative works that comment on or otherwise explain it or 1026 assist in its implementation may be prepared, copied, published and 1027 distributed, in whole or in part, without restriction of any kind, 1028 provided that the above copyright notice and this paragraph are included 1029 on all such copies and derivative works. However, this document itself 1030 may not be modified in any way, such as by removing the copyright notice 1031 or references to the Internet Society or other Internet organizations, 1032 except as needed for the purpose of developing Internet standards in 1033 which case the procedures for copyrights defined in the Internet 1034 Standards process must be followed, or as required to translate it into 1035 languages other than English. 1037 The limited permissions granted above are perpetual and will not be 1038 revoked by the Internet Society or its successors or assigns. 1040 This document and the information contained herein is provided on an "AS 1041 IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK 1042 FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT 1043 LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT 1044 INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR 1045 FITNESS FOR A PARTICULAR PURPOSE. 1047 Table of Contents 1049 1 Abstract ........................................................ 2 1050 2 The SNMP Management Framework ................................... 2 1051 2.1 Environment ................................................... 0 1052 2.1.1 SNMP Engines and Contexts ................................... 0 1053 2.1.2 Security .................................................... 1 1054 2.2 Structure ..................................................... 2 1055 2.2.1 Configuration ............................................... 2 1056 2.2.2 Statistics .................................................. 2 1057 2.2.3 Log ......................................................... 3 1058 2.3 Example ....................................................... 3 1059 3 Definitions ..................................................... 5 1060 4 Intellectual Property ........................................... 19 1061 5 References ...................................................... 20 1062 6 Security Considerations ......................................... 22 1063 7 Author's Address ................................................ 22 1064 8 Full Copyright Statement ........................................ 23